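春风十里不如你 —— Taozi - Routing
https://xiongan.host/index.php/tag/%E8%B7%AF%E7%94%B1/


【ENSP】GRE Protocol Basic Configuration
https://xiongan.host/index.php/archives/210/
2023-05-22T19:07:26+08:00

GRE protocol basic configuration

This lab simulates an enterprise network. R1 is the gateway device at the enterprise headquarters, with a server on its internal network; R3 connects to the enterprise branch gateway device; R2 is a public-network ISP device. Normally a carrier maintains only its own public routing information and does not maintain the private routes of an enterprise, so the routing tables on the carrier's devices contain no entries for the enterprise's private networks. GRE is configured here to carry private routing information and data traffic transparently between the headquarters and the branch.

Topology

Lab

Lab steps

Configure the interface addresses according to the figure above.

Check the connectivity of the directly connected links of R1 and R3.

Configure default routes on R1 and R3.

    [R1]ip route-static 0.0.0.0 0.0.0.0 10.1.12.2
    [R3]ip route-static 0.0.0.0 0.0.0.0 10.1.23.2

Test the connectivity between PC1 and Server1.

The result shows that two private network segments separated by the Internet cannot communicate directly by default. GRE can be used to let the two private segments communicate across the Internet.

Configure the GRE tunnel

Configure the GRE tunnel on R1 and R3.

On routers R1 and R3, use the command interface tunnel to create a tunnel interface and set the tunnel mode to GRE. Set the source address of the tunnel interface on R1 and R3 to the IP address of the router's own S 1/0/0 interface, and the destination address to the IP address of the S 1/0/0 interface of R1/R3. Also use the command ip address to give the tunnel interface an IP address; the two tunnel interface addresses must be in the same network segment.

Test the connectivity between R1 and the destination address.

Check the tunnel interface status on R1 and R3.

Check the routing tables of R1 and R3.

Configure a dynamic routing protocol over the GRE interface

Test the connectivity between PC1 and Server1; they still cannot reach each other.

Configure RIPv2 on R1 and R3.

Check the RIP neighbors of R1 and R3.

Check the routing tables of R1 and R3.

Test the connectivity between PC1 and Server1; they can now reach each other.

View the routing table of R2.


【BGP】BGP Route Selection
https://xiongan.host/index.php/archives/202/
2023-04-21T18:18:36+08:00

BGP route selection

Lab topology

Add a Loopback0 interface 10.123.x.x on each of R2, R3 and R4.

Test the connectivity between R2 and R4.

Configure OSPF 64512

    // Configure R2, activate OSPF
    [R2]ospf 1 router-id 10.123.2.2
    [R2-ospf-1] area 0.0.0.0
    [R2-ospf-1-area-0.0.0.0] network 10.123.2.2 0.0.0.0
    [R2-ospf-1-area-0.0.0.0] network 10.123.23.2 0.0.0.0
    [R2-ospf-1-area-0.0.0.0] quit
    [R2-ospf-1] quit
    // Configure R3, activate OSPF
    [R3]ospf 1 router-id 10.123.3.3
    [R3-ospf-1] area 0.0.0.0
    [R3-ospf-1-area-0.0.0.0] network 10.123.3.3 0.0.0.0
    [R3-ospf-1-area-0.0.0.0] network 10.123.23.3 0.0.0.0
    [R3-ospf-1-area-0.0.0.0] network 10.123.34.3 0.0.0.0
    [R3-ospf-1-area-0.0.0.0] quit
    [R3-ospf-1] quit
    // Configure R4, activate OSPF
    [R4]ospf 1 router-id 10.123.4.4
    [R4-ospf-1] area 0.0.0.0
    [R4-ospf-1-area-0.0.0.0] network 10.123.4.4 0.0.0.0
    [R4-ospf-1-area-0.0.0.0] network 10.123.34.4 0.0.0.0
    [R4-ospf-1-area-0.0.0.0] quit
    [R4-ospf-1] quit

View the OSPF neighbor information on R3.

View the OSPF routing table.

Configure the BGP peers

    // Configure R1
    [R1]bgp 100
    [R1-bgp] router-id 10.123.1.1
    [R1-bgp] peer 10.123.12.2 as 64512
    // Configure R2
    [R2]bgp 64512
    [R2-bgp] router-id 10.123.2.2
    [R2-bgp] peer 10.123.3.3 as-number 64512
    [R2-bgp] peer 10.123.3.3 connect-interface LoopBack0
    [R2-bgp] peer 10.123.3.3 next-hop-local
    [R2-bgp] peer 10.123.12.1 as-number 100
    // Configure R3
    [R3]bgp 64512
    [R3-bgp] router-id 10.123.3.3
    [R3-bgp] peer 10.123.2.2 as-number 64512
    [R3-bgp] peer 10.123.2.2 connect-interface LoopBack0
    [R3-bgp] peer 10.123.4.4 as-number 64512
    [R3-bgp] peer 10.123.4.4 connect-interface LoopBack0
    // Configure R4
    [R4]bgp 64512
    [R4-bgp] router-id 10.123.4.4
    [R4-bgp] peer 10.123.3.3 as-number 64512
    [R4-bgp] peer 10.123.3.3 connect-interface LoopBack0
    [R4-bgp] peer 10.123.3.3 next-hop-local
    [R4-bgp] peer 10.123.45.5 as-number 200
    // Configure R5
    [R5]bgp 200
    [R5-bgp] router-id 10.123.5.5
    [R5-bgp] peer 10.123.45.4 as 64512

Check the BGP peer status on R2 and R4.

Advertise routes into BGP

    // R1
    [R1]bgp 100
    [R1-bgp] network 172.16.1.0 24
    [R1-bgp] network 172.16.2.0 24
    [R1-bgp] network 172.16.3.0 24
    [R1-bgp] network 172.16.4.0 24
    // R5
    [R5]bgp 200
    [R5-bgp] network 172.16.1.0 24
    [R5-bgp] network 172.16.2.0 24
    [R5-bgp] network 172.16.3.0 24
    [R5-bgp] network 172.16.4.0 24

View the routing table of R3 and check whether the BGP routes have been learned.

Modify the AS_Path attribute

    // Create IP prefix list 1, matching the Loopback1 interface route
    [R1]ip ip-prefix 1 permit 172.16.1.0 24 greater-equal 24 less-equal 24
    // Create Route-Policy hcip with node 10, reference IP prefix list 1 in it, and modify the AS_Path attribute
    [R1]route-policy hcip permit node 10
    [R1-route-policy] if-match ip-prefix 1
    [R1-route-policy] apply as-path 300 400 additive
    [R1-route-policy] quit
    [R1]route-policy hcip permit node 20
    // Apply the Route-Policy to BGP routes advertised to BGP peer R2
    [R1]bgp 100
    [R1-bgp] peer 10.0.12.2 route-policy hcip export
    // Trigger an outbound soft reset on R1 to refresh the BGP routes it advertises
    <R1>refresh bgp all export

View the information for BGP route 172.16.1.0/24 on R3.

R3 now prefers the BGP route 172.16.1.0/24 advertised by R4; the route advertised by R2 is not preferred because of its AS_Path length.

Modify the Local_Preference attribute

Create IP prefix list 1, matching BGP route 172.16.2.0/24.

    [R4]ip ip-prefix 1 permit 172.16.2.0 24 greater-equal 24 less-equal 24

Create Route-Policy hcip with node 10, reference IP prefix list 1 in it, and modify the Local_Preference attribute.

    [R4]route-policy hcip permit node 10
    [R4-route-policy] if-match ip-prefix 1
    [R4-route-policy] apply local-preference 200
    [R4-route-policy] quit
    [R4]route-policy hcip permit node 20

Apply the Route-Policy to BGP routes advertised to BGP peer R3.

    [R4]bgp 64512
    [R4-bgp] peer 10.0.3.3 route-policy hcip export

Refresh the advertised BGP routes.

    <R4>refresh bgp all export

View the detailed information for BGP route 172.16.2.0/24 on R3.

R3 now prefers the BGP route 172.16.2.0/24 advertised by R4. The BGP route advertised by R2 has a Local_Preference of 100, which is lower than the Local_Preference of 200 on the BGP route advertised by R3, so the route advertised by R2 is not preferred.

Modify the MED attribute

On R2, make R3 prefer the BGP route 172.16.3.0/24 originated by R5.

    // IP prefix list 1 matches BGP route 172.16.3.0/24
    [R2]ip ip-prefix 1 permit 172.16.3.0 24 greater-equal 24 less-equal 24

Create Route-Policy hcip with node 10, reference IP prefix list 1 in it, and modify the MED attribute.

    [R2]route-policy hcip permit node 10
    [R2-route-policy] if-match ip-prefix 1
    [R2-route-policy] apply cost 200
    [R2-route-policy] quit
    [R2]route-policy hcip permit node 20

Apply the Route-Policy to BGP routes received from BGP peer R1.

    [R2]bgp 64512
    [R2-bgp] peer 10.0.12.1 route-policy hcip import

Refresh the received BGP routes on R2.

    <R2>refresh bgp all import

On R3, allow the MED values of BGP routes from different ASes to be compared.

    [R3]bgp 64512
    [R3-bgp] compare-different-as-med

View the detailed information for BGP route 172.16.3.0/24 on R3.

The BGP route 172.16.3.0/24 advertised by R2 has a MED of 200, while the one advertised by R4 has a MED of 0. R3 prefers the BGP route with the smaller MED, so the route advertised by R2 is not preferred.

Modify the preferred-value attribute

Modify the preferred-value policy for routes on R3 so that R3 prefers the BGP route 172.16.4.0/24 advertised by R4.

Create IP prefix list 1, matching BGP route 172.16.4.0/24.

    [R3]ip ip-prefix 1 permit 172.16.4.0 24 greater-equal 24 less-equal 24

Create Route-Policy hcip with node 10, reference IP prefix list 1 in it, and modify the preferred-value attribute.

    [R3]route-policy hcip permit node 10
    [R3-route-policy] if-match ip-prefix 1
    [R3-route-policy] apply preferred-value 300
    [R3-route-policy] quit
    [R3]route-policy hcip permit node 20

Apply the Route-Policy to BGP routes received from BGP peer R4.

    [R3]bgp 64512
    [R3-bgp] peer 10.123.4.4 route-policy hcip import

Refresh the received routes on R3 and view the information for BGP route 172.16.4.0/24.

The BGP route 172.16.3.0/24 advertised by R4 has a preferred-value of 300, while the one advertised by R2 has a preferred-value of 0. R3 prefers the BGP route with the larger preferred-value, so R3 prefers the route advertised by R4.

Modify the Origin attribute

Create a Loopback5 interface on R1 and R5 and advertise the interface route into BGP, to verify that a BGP route with Origin IGP is preferred over a BGP route with Origin Incomplete.

Create Loopback5 on R1 and R5 with IP address 172.16.5.1/24.

    [R1]interface LoopBack 5
    [R1-LoopBack5] ip address 172.16.5.1 24
    [R1-LoopBack5] quit
    [R5]interface LoopBack 5
    [R5-LoopBack5] ip address 172.16.5.1 24
    [R5-LoopBack5] quit

On R1 and R5, advertise the Loopback5 interface route into BGP using the network command.

    [R1]bgp 100
    [R1-bgp] network 172.16.5.0 24
    [R5]bgp 200
    [R5-bgp] network 172.16.5.0 24

View the BGP routing table on R3.

R3 now prefers the BGP route 172.16.5.0/24 advertised by R2 (originated by R1). At this point the BGP routes advertised by R2 and R4 both have Origin IGP.

On R1, stop advertising the Loopback5 interface route into BGP.

Create IP prefix list 2, matching the R1 Loopback5 interface route 172.16.5.0/24.

    [R1]ip ip-prefix 2 permit 172.16.5.0 24 greater-equal 24 less-equal 24

Create Route-Policy origin with node 10 and reference IP prefix list 2 in it.

    [R1]route-policy origin permit node 10
    [R1-route-policy] if-match ip-prefix 2
    [R1-route-policy] quit

On R1, switch to import-route direct to advertise direct routes into BGP, and reference Route-Policy origin so that only the Loopback5 interface route is imported.

    [R1]bgp 100
    [R1-bgp] import-route direct route-policy origin

View the detailed information for BGP route 172.16.5.0/24 on R3.

R3 now prefers the BGP route 172.16.5.0/24 advertised by R4. The BGP route 172.16.5.0/24 advertised by R2 (originated by R1) now has Origin incomplete (it was advertised into BGP with import-route), and because of its Origin value this route is not preferred.

Verify that BGP prefers the route with the smallest IGP metric to the Next_Hop

R2 and R4 establish an IBGP peer relationship over their loopback interfaces. Create a Loopback7 interface on R2 and R3, advertise the interface route into BGP, and observe the BGP route selection on R4.

Establish the IBGP peer relationship between R2 and R4.

    [R2]bgp 64512
    [R2-bgp] peer 10.0.4.4 as-number 64512
    [R2-bgp] peer 10.0.4.4 connect-interface LoopBack 0
    [R4]bgp 64512
    [R4-bgp] peer 10.0.2.2 as-number 64512
    [R4-bgp] peer 10.0.2.2 connect-interface LoopBack0

Check the status of the IBGP peer relationship.

Create a Loopback7 interface on R2 and R4 and advertise the interface route into BGP.

    [R2]interface LoopBack 7
    [R2-LoopBack7] ip address 172.16.7.1 24
    [R2-LoopBack7] quit
    [R2]bgp 64512
    [R2-bgp] network 172.16.7.0 24
    [R3]interface LoopBack 7
    [R3-LoopBack7] ip address 172.16.7.1 24
    [R3-LoopBack7] quit
    [R3]bgp 64512
    [R3-bgp] network 172.16.7.0 24

View the detailed information for BGP route 172.16.7.0/24 on R4.

R4 prefers the BGP route originated by R3, whose IGP cost is 1, lower than the IGP cost of 2 for the BGP route originated by R2. The route originated by R2 is not preferred because of its IGP cost.


【mininet】Routing Lab with Opendaylight
https://xiongan.host/index.php/archives/200/
2023-04-18T21:12:00+08:00

A simple routing lab

Routing lab

First start Opendaylight and install the required components.

Edit the routing script.

Script

    #!/usr/bin/python
    import time
    from mininet.net import Mininet
    from mininet.node import Controller, RemoteController, OVSKernelSwitch, UserSwitch
    from mininet.cli import CLI
    from mininet.log import setLogLevel
    from mininet.link import Link, TCLink

    def topology():
        "Create a network."
        net = Mininet( controller=RemoteController, link=TCLink, switch=OVSKernelSwitch )
        print("*** Creating nodes ***")
        h1 = net.addHost( 'h1', mac='00:00:00:00:00:01', ip='10.123.10.1/24' )
        h2 = net.addHost( 'h2', mac='00:00:00:00:00:02', ip='10.123.10.2/24' )
        h3 = net.addHost( 'h3', mac='00:00:00:00:00:03', ip='10.123.1.1/24' )
        s1 = net.addSwitch( 's1', listenPort=6673, mac='00:00:00:00:00:11' )
        s2 = net.addSwitch( 's2', listenPort=6674, mac='00:00:00:00:00:12' )
        c0 = net.addController( 'c0', controller=RemoteController, ip='127.0.0.1', port=6633 )
        print("*** Creating links ***")
        net.addLink(s1, h1, 1, 0)
        net.addLink(s2, h3, 1, 0)
        # h2 has one interface on each switch and acts as the router
        Link(h2, s1, intfName1='h2-eth0')
        Link(h2, s2, intfName1='h2-eth1')
        h2.cmd('ifconfig h2-eth1 10.123.1.2 netmask 255.255.255.0')
        # Enable IP forwarding on h2 so it routes between the two subnets
        h2.cmd('sysctl net.ipv4.ip_forward=1')
        # h1 and h3 use h2 as their default gateway
        h1.cmd('route add default gw 10.123.10.2')
        h3.cmd('route add default gw 10.123.1.2')
        print("*** Starting network ***")
        net.build()
        c0.start()
        s1.start( [c0] )
        s2.start( [c0] )
        print("*** Running CLI ***")
        CLI( net )
        print("*** Stopping network ***")
        net.stop()

    if __name__ == '__main__':
        setLogLevel( 'info' )
        topology()

Run the script

    python router.py

Install forwarding rules on the two switches:

    root@guest-virtual-machine:/home/guest# ovs-ofctl add-flow s1 in_port=1,actions=output:2
    root@guest-virtual-machine:/home/guest# ovs-ofctl add-flow s1 in_port=2,actions=output:1
    root@guest-virtual-machine:/home/guest# ovs-ofctl add-flow s2 in_port=1,actions=output:2
    root@guest-virtual-machine:/home/guest# ovs-ofctl add-flow s2 in_port=2,actions=output:1

Run the following in the Mininet CLI:

    mininet> h1 route add default gw 10.123.10.2
    mininet> h3 route add default gw 10.123.1.2
    mininet> h1 ping 10.123.10.2
    mininet> h1 ping 10.123.1.2

Testing h1 ping h3 again now succeeds.

Example

Building on the environment above, add another host h4 so that all hosts can reach each other.

    mininet> py net.addHost( 'h4', mac='00:00:00:00:00:04', ip='10.123.123.1/24' )
    mininet> py net.addSwitch( 's3', listenPort=6675, mac='00:00:00:00:00:13' )

Create the links

    mininet> py net.addLink(s3, h4, 1, 0)
    mininet> py net.addLink(h2, s3, intfName1='h2-eth2')

Building on the environment above, add another host h4 so that all hosts can reach each other.

    # Add host h4
    h4 = net.addHost( 'h4', mac='00:00:00:00:00:04', ip='10.123.123.1/24' )
    # Add switch s3
    s3 = net.addSwitch( 's3', listenPort=6675, mac='00:00:00:00:00:13' )
    # Add the link between s3 and h4
    net.addLink(s3, h4, 1, 0)
    # Set the IP address of the interface
    h2.cmd('ifconfig h2-eth2 10.123.123.2 netmask 255.255.255.0')
    # Set the gateway of h4
    h4.cmd('route add default gw 10.123.123.2')
    # Start s3
    s3.start( [c0] )


【BGP】Route Reflector
https://xiongan.host/index.php/archives/199/
2023-04-18T20:56:51+08:00

BGP route reflector

The IP addresses of the interfaces and loopbacks are as shown in the figure above.

    // Add a new Loopback1 on R2
    ip add 10.2.2.2 24

Test connectivity on routers R2 and R3.

    <R2>ping -c 1 10.123.12.1
      PING 10.123.12.1: 56 data bytes, press CTRL_C to break
        Reply from 10.123.12.1: bytes=56 Sequence=1 ttl=255 time=220 ms
      --- 10.123.12.1 ping statistics ---
        1 packet(s) transmitted
        1 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 220/220/220 ms
    <R2>ping -c 1 10.123.23.3
      PING 10.123.23.3: 56 data bytes, press CTRL_C to break
        Reply from 10.123.23.3: bytes=56 Sequence=1 ttl=255 time=100 ms
      --- 10.123.23.3 ping statistics ---
        1 packet(s) transmitted
        1 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 100/100/100 ms
    <R2>ping -c 1 10.123.24.4
      PING 10.123.24.4: 56 data bytes, press CTRL_C to break
        Reply from 10.123.24.4: bytes=56 Sequence=1 ttl=255 time=170 ms
      --- 10.123.24.4 ping statistics ---
        1 packet(s) transmitted
        1 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 170/170/170 ms

    <R3>ping -c 1 10.123.34.4
      PING 10.123.34.4: 56 data bytes, press CTRL_C to break
        Reply from 10.123.34.4: bytes=56 Sequence=1 ttl=255 time=40 ms
      --- 10.123.34.4 ping statistics ---
        1 packet(s) transmitted
        1 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 40/40/40 ms

Configure OSPF

R1, R2, R3 and R4 use their Loopback0 interface address as the Router ID. Activate OSPF on the interconnecting interfaces and the Loopback0 interface of each device.

    [R1-ospf-1-area-0.0.0.0]dis this
    [V200R003C00]
    #
     area 0.0.0.0
      network 10.0.1.1 0.0.0.0
      network 10.123.12.1 0.0.0.0
    #
    return
    [R2-ospf-1-area-0.0.0.0]dis this
    [V200R003C00]
    #
     area 0.0.0.0
      network 10.0.2.2 0.0.0.0
      network 10.123.12.2 0.0.0.0
      network 10.123.23.2 0.0.0.0
      network 10.123.24.2 0.0.0.0
    #
    return
    [R3-ospf-1-area-0.0.0.0]dis this
    [V200R003C00]
    #
     area 0.0.0.0
      network 10.0.3.3 0.0.0.0
      network 10.123.23.3 0.0.0.0
      network 10.123.34.3 0.0.0.0
    #
    return
    [R4-ospf-1-area-0.0.0.0]dis this
    [V200R003C00]
    #
     area 0.0.0.0
      network 10.0.4.4 0.0.0.0
      network 10.123.24.4 0.0.0.0
      network 10.123.34.4 0.0.0.0
    #
    return

View the OSPF neighbor information on R2 and R3.

View the OSPF routing table of R4.

It shows that the routes for the whole network have been learned.

Configure the IBGP peers

    bgp 64511

View the IBGP peer status on R2 and R3.

The IBGP peer relationships within the AS are established successfully.

Configure the route reflectors

    [R2]bgp 64511
    [R2-bgp]peer 10.123.12.1 reflect-client
    [R3]bgp 64511
    [R3-bgp]peer 10.123.23.2 reflect-client
    [R4]bgp 64511
    [R4-bgp]peer 10.123.34.3 reflect-client

In this step we advertise BGP route 10.2.2.0/24 on R2 and observe how the route, after being reflected in turn by route reflectors R3 and R4, is advertised back to R2, which creates a potential routing loop. By default, after R2 advertises the BGP route, R2 sends it directly to R4 and it is also reflected to R4 through R3. R4 then prefers the route received directly from R2, so it does not reflect the route received from R3 back to R2. For this reason we deploy a route policy on R2 so that R2 does not advertise 10.2.2.0/24 directly to R4.

Configure the route policy

    // Apply the route policy in BGP
    [R2]bgp 64511
    [R2-bgp]peer 10.123.24.4 route-policy bgp export
    // Advertise the route on R2
    [R2]bgp 64511
    [R2-bgp] network 10.2.2.0 24

View the information for BGP route 10.2.2.0/24 on R2 and R3.

View the information for BGP route 10.2.2.0/24 on R4.

    // Make R4 resend its Update messages
    <R2>refresh bgp 10.123.24.4 import

Check the number of Update messages sent and received on R2.

Verify that Cluster_List prevents routing loops

Withdraw the BGP route advertisement on R2.

    [R2]bgp 64511
    [R2-bgp] undo network 10.2.2.0 24

View the information for BGP route 10.1.1.0/24 on R1, R2, R3 and R4 in turn.

R1 is the originator of BGP route 10.1.1.0/24; R1 advertised the route to R2 (10.0.12.2).

For BGP route 10.1.1.0/24 received from route reflector client R1, R2 reflected it to R3 (10.0.23.3).

For BGP route 10.1.1.0/24 received from route reflector client R2, R2 added the Cluster_List attribute with value 10.0.2.2 when reflecting it; R3 reflected the route to R4 (10.0.34.4).

For BGP route 10.1.1.0/24 received from route reflector client R3, R3 added its value to the Cluster_List attribute when reflecting it, and the current value is 10.0.3.3, 10.0.2.2; R4 reflected the route to R2 (10.0.24.2).

View the BGP routing table of R2 again.

View the detailed information for BGP peer 10.123.24.4 on R2.

R2 has received 1 Update message from R4 and has sent no Update message to R4 (because of the route policy), but the local BGP routing table does not contain the BGP route 10.1.1.0/24 advertised by R4.

Trigger an inbound soft reset on R2 to make R4 resend its Update messages.

    <R2>refresh bgp 10.123.24.4 import
    <R2>display bgp peer 10.123.24.4 verbose | in Update
    Update-group ID: 1
    Update messages 2
    Update messages 0

The number of received Update messages has increased: R2 has received the advertisement of BGP route 10.1.1.0/24 from R4.

View the detailed information for BGP route 10.1.1.0 24 on R2 again.

There is still only the one BGP route advertised by R1. The Cluster_List attribute of the BGP route advertised by R4 contains R2's Cluster-ID, so R2 ignored that route advertisement.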
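The Cluster_List check that makes R2 ignore R4's update in the last step, as an added example (not part of the original post and not router code): a small Python model of the reflection ring R1 -> R2 -> R3 -> R4 -> R2. It assumes each reflector's Cluster-ID equals its Loopback0 Router ID, in line with the Cluster_List values 10.0.2.2 and 10.0.3.3 shown in the lab; the class and function names are hypothetical.

```python
"""Constructed model of the route-reflection loop checks (RFC 4456); not router code."""
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Update:
    prefix: str
    originator_id: str = ""   # ORIGINATOR_ID, stamped by the first reflector
    cluster_list: tuple = ()  # CLUSTER_LIST, newest Cluster-ID first

class Reflector:
    def __init__(self, router_id):
        self.router_id = router_id
        self.cluster_id = router_id  # assumption: Cluster-ID defaults to Router ID
        self.rib = {}                # prefix -> (peer name, Update)

    def receive(self, update, peer):
        """Install the update unless it has already passed through this router."""
        if update.originator_id == self.router_id:
            return False             # our own route came back
        if self.cluster_id in update.cluster_list:
            return False             # already reflected by this cluster: loop
        self.rib[update.prefix] = (peer, update)
        return True

    def reflect(self, update, learned_from_id):
        """Copy sent to the next IBGP peer, with this reflector's Cluster-ID prepended."""
        return replace(update,
                       originator_id=update.originator_id or learned_from_id,
                       cluster_list=(self.cluster_id,) + update.cluster_list)

def run_ring():
    """R1 (10.0.1.1) originates 10.1.1.0/24; R2, R3, R4 reflect it back towards R2."""
    r2, r3, r4 = (Reflector(i) for i in ("10.0.2.2", "10.0.3.3", "10.0.4.4"))
    trace = []
    upd = Update("10.1.1.0/24")
    trace.append(("R1->R2", r2.receive(upd, "R1"), upd.cluster_list))
    upd = r2.reflect(upd, "10.0.1.1")
    trace.append(("R2->R3", r3.receive(upd, "R2"), upd.cluster_list))
    upd = r3.reflect(upd, r2.router_id)
    trace.append(("R3->R4", r4.receive(upd, "R3"), upd.cluster_list))
    upd = r4.reflect(upd, r3.router_id)
    trace.append(("R4->R2", r2.receive(upd, "R4"), upd.cluster_list))
    return trace, r2.rib

if __name__ == "__main__":
    for hop, accepted, clusters in run_ring()[0]:
        print(hop, "accepted" if accepted else "dropped", clusters)
```

The last hop is counted as a received Update but is dropped before it reaches the routing table, which matches the counters and the unchanged BGP table observed on R2.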